047483513a
xen-4.6.0-testing-src.tar.bz2 mini-os.tar.bz2 blktap2-no-uninit.patch stubdom-have-iovec.patch - Renamed xsa149.patch to CVE-2015-7969-xsa149.patch - Dropped patches now contained in tarball or unnecessary xen-4.5.2-testing-src.tar.bz2 54c2553c-grant-table-use-uint16_t-consistently-for-offset-and-length.patch 54ca33bc-grant-table-refactor-grant-copy-to-reduce-duplicate-code.patch 54ca340e-grant-table-defer-releasing-pages-acquired-in-a-grant-copy.patch 54f4985f-libxl-fix-libvirtd-double-free.patch 55103616-vm-assist-prepare-for-discontiguous-used-bit-numbers.patch 551ac326-xentop-add-support-for-qdisk.patch 552d0fd2-x86-hvm-don-t-include-asm-spinlock-h.patch 552d0fe8-x86-mtrr-include-asm-atomic.h.patch 552d293b-x86-vMSI-X-honor-all-mask-requests.patch 552d2966-x86-vMSI-X-add-valid-bits-for-read-acceleration.patch 5537a4d8-libxl-use-DEBUG-log-level-instead-of-INFO.patch 5548e903-domctl-don-t-truncate-XEN_DOMCTL_max_mem-requests.patch 5548e95d-x86-allow-to-suppress-M2P-user-mode-exposure.patch 554c7aee-x86-provide-arch_fetch_and_add.patch 554c7b00-arm-provide-arch_fetch_and_add.patch 554cc211-libxl-add-qxl.patch 55534b0a-x86-provide-add_sized.patch 55534b25-arm-provide-add_sized.patch 5555a4f8-use-ticket-locks-for-spin-locks.patch 5555a5b9-x86-arm-remove-asm-spinlock-h.patch 5555a8ec-introduce-non-contiguous-allocation.patch 556d973f-unmodified-drivers-tolerate-IRQF_DISABLED-being-undefined.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=387
# Commit cf6d39f81992c29a637c603dbabf1e21a0ea563f
|
|
# Date 2015-09-25 09:05:29 +0200
|
|
# Author Jan Beulich <jbeulich@suse.com>
|
|
# Committer Jan Beulich <jbeulich@suse.com>
|
|
x86/PV: properly populate descriptor tables
|
|
|
|
Us extending the GDT limit past the Xen descriptors so far meant that
|
|
guests (including user mode programs) accessing any descriptor table
|
|
slot above the original OS'es limit but below the first Xen descriptor
|
|
caused a #PF, converted to a #GP in our #PF handler. Which is quite
|
|
different from the native behavior, where some of such accesses (LAR
|
|
and LSL) don't fault. Mimic that behavior by mapping a blank page into
|
|
unused slots.
|
|
|
|
While not strictly required, treat the LDT the same for consistency.
|
|
|
|
Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
|
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
|
|
|
# Commit 61031e64d3dafd2fb1953436444bf02eccb9b146
|
|
# Date 2015-10-27 14:46:12 +0100
|
|
# Author Jan Beulich <jbeulich@suse.com>
|
|
# Committer Jan Beulich <jbeulich@suse.com>
|
|
x86/PV: don't zero-map LDT
|
|
|
|
This effectively reverts the LDT related part of commit cf6d39f819
|
|
("x86/PV: properly populate descriptor tables"), which broke demand
|
|
paged LDT handling in guests.
|
|
|
|
Reported-by: David Vrabel <david.vrabel@citrix.com>
|
|
Diagnosed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
|
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
Tested-by: David Vrabel <david.vrabel@citrix.com>
|
|
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
|
|
|
Index: xen-4.6.0-testing/xen/arch/x86/mm.c
|
|
===================================================================
|
|
--- xen-4.6.0-testing.orig/xen/arch/x86/mm.c
|
|
+++ xen-4.6.0-testing/xen/arch/x86/mm.c
|
|
@@ -502,12 +502,12 @@ void update_cr3(struct vcpu *v)
|
|
make_cr3(v, cr3_mfn);
|
|
}
|
|
|
|
+static const char __section(".bss.page_aligned") zero_page[PAGE_SIZE];
|
|
|
|
static void invalidate_shadow_ldt(struct vcpu *v, int flush)
|
|
{
|
|
l1_pgentry_t *pl1e;
|
|
- int i;
|
|
- unsigned long pfn;
|
|
+ unsigned int i;
|
|
struct page_info *page;
|
|
|
|
BUG_ON(unlikely(in_irq()));
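Review bot: The new `zero_page` declaration gets its page alignment only from the `.bss.page_aligned` section name; nothing in the declaration itself enforces it. The frame computed later with `PFN_DOWN(__pa(zero_page))` is mapped read-only into guest-reachable GDT slots, so if the array ever shared a frame with other data, neighbouring hypervisor .bss contents could become observable to the guest. Stating the alignment explicitly, `static const char __section(".bss.page_aligned") __aligned(PAGE_SIZE) zero_page[PAGE_SIZE];`, would make that assumption checkable. It is also worth confirming that a `const` object placed in a section shared with writable data does not cause a section type conflict on the supported compilers. The body of invalidate_shadow_ldt() continues outside this hunk.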
|
|
@@ -522,10 +522,10 @@ static void invalidate_shadow_ldt(struct
|
|
|
|
for ( i = 16; i < 32; i++ )
|
|
{
|
|
- pfn = l1e_get_pfn(pl1e[i]);
|
|
- if ( pfn == 0 ) continue;
|
|
+ if ( !(l1e_get_flags(pl1e[i]) & _PAGE_PRESENT) )
|
|
+ continue;
|
|
+ page = l1e_get_page(pl1e[i]);
|
|
l1e_write(&pl1e[i], l1e_empty());
|
|
- page = mfn_to_page(pfn);
|
|
ASSERT_PAGE_IS_TYPE(page, PGT_seg_desc_page);
|
|
ASSERT_PAGE_IS_DOMAIN(page, v->domain);
|
|
put_page_and_type(page);
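Review bot: The `_PAGE_PRESENT` test in the loop now decides which slots reach `put_page_and_type()`, and it carries no comment explaining why it replaced the old `pfn == 0` sentinel. A short comment above the check, such as `/* Only present slots hold a page with a type reference to drop. */`, would record that invariant for whoever next touches the LDT slot handling. It would also help to note that `page` has to be fetched before `l1e_write()` clears the entry. The function starts and ends outside this hunk.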
|
|
@@ -4420,16 +4420,18 @@ long do_update_va_mapping_otherdomain(un
|
|
void destroy_gdt(struct vcpu *v)
|
|
{
|
|
l1_pgentry_t *pl1e;
|
|
- int i;
|
|
- unsigned long pfn;
|
|
+ unsigned int i;
|
|
+ unsigned long pfn, zero_pfn = PFN_DOWN(__pa(zero_page));
|
|
|
|
v->arch.pv_vcpu.gdt_ents = 0;
|
|
pl1e = gdt_ldt_ptes(v->domain, v);
|
|
for ( i = 0; i < FIRST_RESERVED_GDT_PAGE; i++ )
|
|
{
|
|
- if ( (pfn = l1e_get_pfn(pl1e[i])) != 0 )
|
|
+ pfn = l1e_get_pfn(pl1e[i]);
|
|
+ if ( (l1e_get_flags(pl1e[i]) & _PAGE_PRESENT) && pfn != zero_pfn )
|
|
put_page_and_type(mfn_to_page(pfn));
|
|
- l1e_write(&pl1e[i], l1e_empty());
|
|
+ l1e_write(&pl1e[i],
|
|
+ l1e_from_pfn(zero_pfn, __PAGE_HYPERVISOR & ~_PAGE_RW));
|
|
v->arch.pv_vcpu.gdt_frames[i] = 0;
|
|
}
|
|
}
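Review bot: In destroy_gdt() the `pfn != zero_pfn` comparison is the only guard keeping `put_page_and_type()` away from the Xen-owned zero page, for which no reference is taken in the visible code; a miss there would be an unbalanced reference drop on a hypervisor page. That deserves a comment at the check, e.g. `/* zero_page is Xen's own filler: mapped without a type ref, so never put. */`. Because unused slots are now left present and read-only rather than empty, any other walker of these L1 entries that treats "present" as "guest-owned" would need the same exclusion. The rest of set_gdt() is not visible here, so that is worth confirming. If set_gdt() writes the same filler entry, a local such as `l1_pgentry_t zero_l1e = l1e_from_pfn(zero_pfn, __PAGE_HYPERVISOR & ~_PAGE_RW);` would keep the flags in one place.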
|
|
@@ -4442,7 +4444,7 @@ long set_gdt(struct vcpu *v,
|
|
struct domain *d = v->domain;
|
|
l1_pgentry_t *pl1e;
|
|
/* NB. There are 512 8-byte entries per GDT page. */
|
|
- int i, nr_pages = (entries + 511) / 512;
|
|
+ unsigned int i, nr_pages = (entries + 511) / 512;
|
|
|
|
if ( entries > FIRST_RESERVED_GDT_ENTRY )
|
|
return -EINVAL;
|